-
Feature Request
-
Resolution: Unresolved
-
Undefined
-
None
-
None
-
None
-
False
-
None
-
False
-
Not Selected
-
-
1. Proposed title of this feature request
KafkaSource to Kafka authentication with Kerberos
2. What is the nature and description of the request?
By default, customer uses Kerberos (specifically: SASL_SSL with the SASL mechanism GSSAPI) as the authentication method for Kafka: https://docs.confluent.io/platform/current/kafka/overview-authentication-methods.html).
For authentication via Kerberos, the following configurations must be able to be passed to the client in OpenShift Serverless:
# settings for connection and encryption bootstrap.servers=mybroker1.example.com:9093 ssl.truststore.location=/etc/pki/java/cacerts ssl.truststore.password=changeit # settings for sasl/gssapi authentication sasl.mechanism=GSSAPI security.protocol=SASL_SSL sasl.kerberos.service.name=kafka sasl.jaas.config=com.sun.security.auth.module.Krb5LoginModule required \ useKeyTab=true \ storeKey=true \ keyTab="/etc/security/keytabs/kafka_client.keytab" \ principal=kafkaclient1@EXAMPLE.COM; # alternative when using kerberos ticket cache #sasl.jaas.config=com.sun.security.auth.module.Krb5LoginModule required \ useTicketCache=true;
3. Why does the customer need this? (List the business requirements here)
Compliance with Kafka authentication mechanism
4. List any affected packages or components.
OpenShift Serverless (KafkaSource)
